Skip to content

3D Secure

3D Secure 1.x

3D Secure is an option to enhance security and prevent fraud. This is done by checking 3D Secure enrolment status of card holders and performing 3D Secure authentication of enrolled cards. Merchants must decide on whether they want this option activated, or in some cases this is also required by the acquiring bank. If 3D Secure is used, the merchant must decide on a configuration profile that specifies how restrictive the liability shift rules are applied. Currently there are two profiles available:

Profile "Accept all cards"

This means that Worldline will process all cards. If the card is enrolled in 3D Secure, 3D Secure verification will be performed. If not, the card will be processed in any case.

Basic flow: Worldline checks if 3DS authentication is required for the card. If it is, Worldline redirects the consumer to the ACS (Access Control Server). Else, the payment continues directly with card processing.

In case the consumer is redirected to the ACS, Worldline awaits the response and depending on the response it performs the following actions:

  1. If authentication is successful it will continue with 3DS processing.
  2. If authentication is not required it will continue without 3DS.
  3. If the authentication was not successful, the merchant informs the CardHolder that the purchase was declined.

Profile "Only accept cards that are enrolled in 3D Secure"

This means that when a consumer enters a card number, Worldline will check if the card is enrolled in 3D Secure. If it is, the consumer will be redirected to the issuing bank and the transaction will proceed as normal. If the consumer is not enrolled in 3D Secure, Worldline will decline the transaction.

Basic flow: Worldline checks if 3DS authentication is required for the card. If it is, Worldline redirects the consumer to the ACS (Access Control Server). Else, the transaction is declined.

In case the consumer is redirected to the ACS, Worldline awaits the response and depending on the response it performs the following actions:

  1. If authentication is successful it will continue with 3DS processing.
  2. If the authentication was not successful, the merchant informs the CardHolder that the purchase was declined.

Please note that the configuration for these profiles is done by Worldline on behalf of the merchant.

3D Secure 2.x

The 3D-Secure authentication protocol is based on a three-domain model where the Acquirer Domain and Issuer Domain are connected by the Interoperability Domain for the purpose of authenticating a Cardholder during an electronic commerce (e-commerce) transaction or to provide identity verification and account confirmation. EMVCo specifies protocol and core functions of 3-D Secure 2.0. EMVCo is an organization overseen by American Express, Discover, JCB, MasterCard, UnionPay, and Visa. Worldline clients who implement 3-D Secure benefit by reducing the chargeback risk of transactions and in most cases also shifts the liability for chargeback's from themselves to the issuing banks.

Please refer section Request Parameters specific to 3D Secure for parameters to facilitate 3DS processing.

PaymentPage templates to support 3DS 2.x

In order to support 3DS 2.x, add the below two templates in the PaymentPageTemplate zip file (please refer Example_templates.zip/Templates/template folder in the PaymentPage Start Kit).

  1. continue_auth.template
  2. complete_auth.template

Authentication Statuses

Below are the statuses shown in case of PaymentPage:

Authentication Statuses Description
SUCCESSFUL Status indicates that the authentication is successful
ATTEMPTED Status indicates that the authentication is attempted. Partially successful
TRY_AGAIN Status indicates that the authentication is not successful